oss-sec mailing list archives
Re: Multiples vulnerabilities in wordnet
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 12 May 2008 16:14:19 -0400 (EDT)
I've assigned CVE-2008-2149 to just deal with the "overflow in a long command line" as reported for the searchwn function. This is based on the comment in the Gentoo bug report that "I have seen that Wordnet is sometimes used as a backend in e.g. web applications," otherwise might have dismissed it as just a regular command-line overflow. (Increasing application connectivity is making this distinction harder, though.) If additional detailed research is performed, then other CVEs could be assigned accordingly. - Steve ====================================================== Name: CVE-2008-2149 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149 Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=211491 Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end.
Current thread:
- Multiples vulnerabilities in wordnet Pierre-Yves Rofes (May 09)
- Re: Multiples vulnerabilities in wordnet Ben Haskell (May 09)
- Re: Multiples vulnerabilities in wordnet Steven M. Christey (May 12)